JavaScript could be exploited to do some nasty things to your computer. Especially on unknown websites, JavaScript could be used to redirect the page, open another browser window (which may contain malicious code), etc.

With the NoScript plugin, JavaScript will be disabled on every website you visit unless you allow the script to be executed. This makes it impossible for malicious websites to mess with your computer. Needless to say, you should only allow trusted websites to execute JavaScript. Otherwise, don’t.

I’d also disable Java, since it is rarely used anyway and it has more access to your file system — which means more risk if it is exploited.

Lastly, check for updates periodically, at least once a week. Always use the latest stable version of Firefox and your plugins.